Personal and business relationships rely on trust to function, but blind trust in the digital world is downright dangerous.
We’re asked to trust companies all the time. We trust them with personal details and they promise to keep them safe. It’s the same story in the enterprise. One company will entrust another to back up and store data, keeping it accessible for employees, but shutting out criminals and spies. Sometimes that trust proves to be misplaced, with disastrous results.
On a personal level your account on a specific website may be hacked, but your exposure is not necessarily limited. If you use the same password elsewhere, or you used a social media account to log in, then it could be exposed too. Criminals may be able to steal your identity, or dupe your friends and family. They will almost certainly sell your data to others.
On a business level the crown jewels of the company may be exposed to rivals or criminals. Defenses are usually set up to tackle the cyber-attacks that come head-on. If someone gains access through another vendor or partner with legitimate credentials to access your system, then you may never even realize that your security has been breached.
It looks as though the recent theft of customer accounts from Target may have come through an HVAC contractor. More than a hundred million customer accounts were compromised, thanks to that allegedly ‘trusted’ third party. The big retailer and the NSA have something in common with their risk profiles: both were Snowdened.
There are basic ways to combat data theft. For starters, don’t use your social media accounts as log-in proxies to open new accounts. Two-factor authentication should be a basic standard, sensitive data and computers should be encrypted, and there has to be some oversight so that exposures can be detected and mitigated.
If your business relies on third parties, then the onus is on you to perform due diligence. Don’t make assumptions about security standards. Don’t bury your head in the sand. Ask the difficult questions, check the documentation, and scrutinize processes and procedures.
Do you know who is in your network at any given moment? Can you verify, track, and control that access? Are you certain that all the vendors and partners you do business with meet your standards?
If the answer to any of those questions is no, then you have some work to do.
By Michelle Drolet, founder and CEO, Towerwall
Special to Wired’s Innovation Insights
This article was recently published in Wired’s Innovation Insights